Service IPs

Calico supports two approaches for assigning a service IP to a
Calico-networked VM:

using a floating IP

using an additional fixed IP on the relevant Neutron port.

Both of these are standard Neutron practice - in other words, operations that
have long been supported on the Neutron API. They are not Calico-specific,
except insofar as the Calico driver needs to implement some of the low-level
operations that are needed to make the expected semantics work.

The key semantic difference between those approaches is that:

With a floating IP, the target VM itself is not aware of the service IP.
Instead, data sent to the floating IP is DNAT’d, to the target VM’s fixed IP,
before that data reaches the target VM. So the target VM only ever sees data
addressed to its fixed IP.

With the service IP as an additional fixed IP, the target VM is (and must be)
aware of the service IP, because data addressed to the service IP reaches the
target VM without any DNAT.

The use of floating IPs is already well known, so we won’t labour how to use
those here. For some additional information on how Calico supports floating
IPs, see Floating
IPs.

The use and maintainance of additional fixed IPs, however, is not so well
known, so in the following transcripts we demonstrate this approach for
assigning a service IP to a Calico-networked VM.

We begin by creating a test VM that will be the target of the service IP.